Privacy and cookies
Published: 28 August 2024
The River Thames Scheme (the 'Scheme') is committed to protecting your privacy when you contact us and participate in our consultation activities. Further details about the River Thames Scheme can be found on the project website.
The Privacy Notice below explains how we use information about you and how we protect your privacy.
This River Thames Scheme website is provided by The Environment Agency and Surrey County Council ("we", "our" and "us"). We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (GDPR). This notice applies to any personal data that we collect about you, including when we carry out our public consultation and land referencing exercises.
Personal data includes any information that relates to a living individual who can be either:
- Identified from that data; or
- Can be identified from the information combines with any other information that is in the possession of the person or organisation holding the information.
Personal data can therefore include, for example, your name, address, email, date of birth and telephone number.
Please read this Privacy Notice carefully as it explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a query or complaint.
This Privacy Notice is divided into the following sections
Page contents
- Data controllers
- Land Referencing
- What personal data we collect about you
- How your personal data is collected
- Why the River Thames Scheme needs your personal data
- How the law allows us to use your personal data
- Using your personal data for a specified purpose
- Your rights
- Information (including personal data) that is published online
- Who we share your personal data with
- How long we keep your personal data for
- How we protect and keep your personal data secure
- Where your personal data is held
- Website analytics
- How to contact us
- Where can I get advice?
- Changes to this Privacy Notice
- Do you need extra help?
Data Controllers
The Environment Agency and Surrey County Council are each a Data Controller of personal data obtained for the River Thames Scheme. This means each of us is an organisation legally responsible for deciding how and for what purposes your personal data is used. We are both required to comply with the UK GDPR.
However, the information for the land referencing (explained below) is collected on our behalf by Dalcour Maclaren, an organisation we have contracted to help us. While Dalcour Maclaren has a legal responsibility to look after your personal information, we still have overall responsibility. We will use your personal data fairly, lawfully and in a transparent manner.
The Data Protection Officer for each organisation oversees data protection compliance for Surrey County Council and the Environment Agency respectively. If you have any questions about this Privacy Notice or on how we handle your personal data, please see the 'How to contact us' section below.
Land Referencing
We are proposing to make an application for development consent under the Planning Act 2008 for the River Thames Scheme. As part of this application, the law requires us to identify those people and organisations who may have a legal or beneficial interest in land which might be affected by our application, so that we can consult with them. This is called land referencing.
What personal data we collect about you
We will collect and use the following personal data about you:
- Your name and contact information, including email address and telephone number and company details
- Demographic information including, for example, your gender, age, disability, where we have received your consent to collect this
- Details of any information, feedback or other matters you give to us by phone, email, post or via social media
- Information about how you use our website, communication and other systems
- Your responses to consultations, surveys, and questionnaires.
For the land referencing exercise, we also collect details of your interest or ownership in the relevant land, details of other interests in the land (such as a mortgage) and any additional information you may provide to us.
We collect and use this personal data for the purposes described in the section 'Why the River Thames Scheme needs your personal data' below.
How your personal data is collected
We collect personal data from you:
- Directly, when you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, request or register for updates and information, e.g. newsletters, via our website, post material to our website, respond to consultations, and complete surveys or questionnaires via our website, and
- Indirectly, such as your browsing activity while on our website; we may collect information indirectly using the technologies explained in the section on 'Website analytics' below.
For the land referencing exercise, we also collect personal data about you from other sources. This includes HM Land Registry, Electoral Roll, Experian 192, Companies House, Charity Commission, Financial Conduct Authority, TraceIQ, BT Directory, online registries, websites of organisations and information which may be obtained from a general internet search and from completed Land Interest Questionnaires provided to us.
This is required to ensure that all land interests are identified and are able to be contacted in our statutory consultation exercises and to help us check personal data received in order to support delivery of the Scheme, including to help contact the individual who the personal data relates to (the 'data subject') for the purpose of undertaking consultations and sending out questionnaires and surveys or to make other contact as may be required for the Scheme.
Why the River Thames Scheme needs your personal data
We may need to use your personal data so that we can deliver information on the Scheme to you. We may also collect some personal data if you complete a survey or questionnaire about the Scheme.
We may need to contact you to investigate any concerns or complaints you may have about the Scheme.
Because the Scheme is a partnership, we may share your details between the Environment Agency and Surrey County Council but we will only do this where necessary.
How the law allows us to use your personal data
There are several legal reasons why we may need to collect and use your personal information.
We collect and use personal data where:
- You, or your legal representative, have given consent;
- You have entered into a contract with us or to take steps at your request before entering into a contract;
- It is required by law;
- You have made your information publicly available;
- It is necessary for legal cases; and
- It is necessary for archiving, research, or statistical purposes.
Consent
Where we ask for your consent to process your personal data, we will explain to you what we are asking you to agree to and why. If we have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please use our contact form.
Using your personal data for a specified purpose
We take careful consideration to only collect and use personal information if we need it to deliver the Scheme or meet a requirement. There will be instances where we will anonymise your data. For example, in a survey we may not need your contact details we'll only collect your survey responses. Please be aware that there is a possibility we will use your personal data for research and statistical analysis purposes.
Please be reassured that we handle the use and collection of your personal data seriously and that we do not sell your personal information to anyone else. We will process your personal data on the following legal basis:
GDPR article 6.1 c (necessary for us to comply with a legal obligation):
The main purpose for which we use your information is to comply with our legal obligations under the Planning Act 2008 to identify, consult with and notify relevant land interests under the Planning Act 2008 in relation to our application for development consent for the Scheme. This is also the basis on which our processing of your personal data is lawful. Processing personal data includes obtaining, recording, holding and carrying out any set of operations on, storing or destroying personal data. Processing is defined very widely in the UK GDPR.
Within this overall purpose, we need to be able to:
- Contact you to notify you about our plans and consult with you in relation to them;
- If applicable, contact you to discuss the acquisition of land or rights over land from you;
- Produce statutory documents that are required by law including a Book of Reference (a publication containing certain personal data) and a Consultation Report (setting out the responses received to the consultation and how we have had regard to them) that will be submitted as part of our application for development consent and which will be publicly available documents;
- Notify you of the acceptance of our application for development consent by the Planning Inspectorate and subsequent decision by the Secretary of State; and
- If applicable, share your mortgage reference with lenders or mortgagees to enable them to check information which may affect them.
Certain personal data that is collected must be treated as special category personal data to which additional protections apply under data protection law such as sex, gender, disability, age, racial or ethnic origin, religion and sexual orientation.
Where we process such special category personal data, we will also ensure we are permitted to do so under data protection laws.
Your rights
The law gives you a number of rights to control your personal data when it is used by us:
- The right to be informed – this Privacy Notice is part of your right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
Please note that there are some circumstances and exceptions where these rights may be restricted.
The right of access means you can ask for access to the personal data we hold on you
When we receive a request from you in writing, we will in most cases give you access to what we've recorded about you. However, there are circumstances and exceptions where this is not possible as the examples below:
- Where there is confidential information about other people; or
- Where a duty of confidentiality exists; or
- Where there is personal data that a professional thinks will cause serious harm to you or someone else's physical or mental wellbeing; or
- Where we have to consider the provisions of access to a deceased persons personal data; or
- If we think that giving you the information may stop us from preventing or detecting a crime
This applies to personal information that is in both paper and electronic records. Access to your personal data can be made using our contact form.
The right of rectification means you can ask to change personal data you think is inaccurate
If you disagree with anything in your personal data, for instance an update to your address, please contact us using our contact form. However please be aware that we may not always be able to change or remove that information. What we will do is correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
The right to erasure means you can ask to delete personal data information (this is known as the 'right to be forgotten')
In some circumstances you can ask for your personal data to be deleted. For example:
- Where your personal information is no longer needed for the reason, it was collected in the first place;
- Where you have removed your consent for us to use your information (where there is no other legal reason for us to use it);
- Where there is no legal reason for the use of your information; or
- Where deleting the information is a legal requirement.
Where your personal data has been shared with others, we'll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can't delete your personal data where:
- We're required to have it by law;
- It is used for freedom of expression;
- It is for public health purposes;
- It is for scientific or historical research, or statistical purposes where it would make information unusable; and
- It is necessary for legal claims.
The right to restrict processing means you can ask to limit what we use your personal data for
You have the right to ask us to restrict what we use your personal data for where:
- You have identified inaccurate information, and have told us of it
- Where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When information is restricted, it can't be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it's for important public interests of the UK.
Where restriction of use has been granted, we'll inform you before we carry on using your personal information.
The right to data portability means you can ask to have your personal data moved to another provider (data portability)
You have the right to ask for your personal data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However, this only applies if we are using your personal data with consent (not if we are required to do so by law) and if decisions were made by a computer and not a human being.
It is likely that data portability will not apply to the River Thames Scheme.
The right to object means you have the right to object to the processing of your personal data where the following applies:
- Where the processing is based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling);
- Where the processing is used for the purposes of scientific/historical research and statistics.
Please note that there are circumstances where your objection will not apply:
- Where there are compelling legitimate grounds for the processing;
- The processing is for legal claims;
- Where we are conducting research where the processing of personal data is necessary for the performance of a public interest task.
Rights in relation to automated decision making and profiling means you can ask to have any computer-made decisions explained to you
The River Thames Scheme may use your personal details to help profile an area and identify gaps in the people we are reaching with information about the Scheme. This would use your postcode only and you will not be identified.
Questionnaire and survey responses will be analysed using computer programmes but the information will be anonymised and you will not be identified.
The computer outputs will be used to help make decisions about aspects of the Scheme.
Information (including personal data) that is published online
We will not publish online the personal data we receive. However, the Planning Act 2008 and associated statutory procedural rules and regulations require the Planning Inspectorate to publish the following post submission of the Development Consent Order (DCO) application:
- relevant representations, written representations, and other documents, including the name of the person that has submitted the document; but with certain personal details e.g. telephone numbers; addresses; email addresses; signatures and sensitive personal information (special categories of data) blanked out; and
- the Book of Reference and Consultation Report submitted by us, which will include the names and addresses of interested parties because the land or rights of those interested parties would be affected by the proposed development and planning proposals. The Book of Reference is kept on the Planning Inspectorate website until the decision on the River Thames Scheme is made. The Consultation Report will remain available for public inspection on the Planning Inspectorate website following the decision by the Secretary of State for a period of five years following the decision but will not be updated with further information and personal data is redacted.
Who we share your personal data with
We may share your information with carefully selected third parties, including our professional advisors, but only for the purposes specified in this privacy notice. In particular we may share your information with Dalcour Maclaren (our land agents), Pinsent Masons (our legal advisers), Turner and Townsend (our project management advisors), Arcadis (our project support advisors), Jacobs (our consenting advisors) and WSP Binnies (our design and environmental advisors).
Your interest will be published in the Book of Reference, if we consider that your legal interest in property or land may be affected by the Scheme. We have a legal duty to make the Book of Reference available for inspection by the public. It is also disclosed to the Planning Inspectorate and will be published on their website as discussed above. The Book of Reference is required by law to include the name and address of the person or company which has an interest in the property and the nature of the interest. The Book of Reference will not include telephone numbers or email addresses of anyone listed.
We will also be reporting to the Secretary of State, Planning Inspectorate or local authorities on the public consultation, including the production of a Consultation Report. This may involve passing your personal data to those parties, and in some cases we are required to publish the data as part of the consenting process - the Planning Inspectorate's privacy notice is on their website.
We may also share your personal information (where required or permitted by law) with government bodies and law enforcement agencies if we feel there's a good reason to override the protection of your privacy. This doesn't happen often, but we may share your information in order to prevent crime and fraud.
We do not share your information with third parties for marketing purposes.
How long we keep your personal data for
We often keep your personal data for audit purposes, legal reasons and best practice records management guidelines. There are set periods of time for keeping information which we incorporate where applicable as part of our Records Management Policy and Retention Schedules. This ranges from months for some records to decades for more sensitive records. The Book of Reference and Consultation Report will remain available for public inspection following the decision by the Secretary of State, but will not be updated with further information.
How we protect and keep your personal data secure
We take the protection of your personal data seriously whether it be electronic or paper records. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password).
- Verification processes in place to seek to validate and verify information
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates.
Where your personal data is held
Personal information is stored on systems in the UK or European Union (EU).
Website analytics
We use third-party web analytics tools to help us monitor how people use our website.
Your Internet Protocol (IP) address will be collected for the purpose of distinguishing between internal (staff) and external (public) usage. We do not associate your IP address with anything that is personally identifiable, so your use of our websites will remain anonymous to us.
To disable the collection of anonymous analytics data you can enable the "Do Not Track" setting in your browser (this link takes you to the Surrey County Council website). We also use cookies for various purposes.
How to contact us
Please contact our service directly regarding any general enquiries, comments or complaints about the River Thames Scheme by:
- Using our contact form
- Email: enquiries@riverthamesscheme.org.uk
- Surrey County Council Contact Centre on 03456 009 009.
For any concerns or questions about this Privacy Notice or how your personal information is handled by us, or are not satisfied with our handling of any request made by you, or would otherwise like to make a complaint relating to data protection, please contact:
Environment Agency's Data Protection Officer: dataprotection@environment-agency.gov.uk
Surrey County Council's Data Protection Officer: DPO@surreycc.gov.uk
Where can I get advice?
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) at:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113.
Alternatively, visit the ICO website.
Changes to this Privacy Notice
We keep our privacy notice under regular review.
This privacy notice was last reviewed and published in August 2024.
Do you need extra help?
If you would like this notice in another format (for example audio, large print, braille) please contact us (see 'How to contact us' above).
Cookies
A cookie is a small text file that is stored on your device so that a website can remember information about your visit. A cookie will typically contain the name of the website that create it, a time period for which it is valid, and a value, which is often a randomly generated and unique number.
Cookies set by our website
Name | Purpose | Expires |
---|---|---|
SQ_SYSTEM_SESSION | Session state | End of session |
_ga | Google Analytics | 02 years |
_gid | Google Analytics | 24 hours |
_gat | Google Analytics | 01 minute |
nlbi_[ID] | Imperva Cloud web application firewall (WAF) | End of session |
incap_ses_[ID] | Imperva Cloud WAF | End of session |
visid_incap_[ID] | Imperva Cloud WAF | 01 year |
Third party cookies
Some third party services embedded within this website set their own cookies. These are known as third party cookies because they are not set by our website. We have no control over the cookies that are set by third party services.
How to manage cookies
More information about managing cookies is available on the Information Commissioner's Office website.
Document history
Published: 28 August 2024
Updated: 28 August 2024